Release Notes
Abstract
This technical note provides guidance for installing IBM Security Guardium Data Protection patch 12.0p6009, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
- Patch file name: SqlGuard-12.0p6009.tgz.enc.sig
- MD5 checksum: 7c16fafcefdbde352d6c92a9cb86e7b0
Finding the patch
Make the following selections to locate this patch for download on the IBM Fix Central website:
Make the following selections to locate this patch for download on the IBM Fix Central website:
- Product selector: IBM Security Guardium
- Installed version: 12.0
- Platform: All
- Click "Continue," select "Browse for fixes," and click "Continue" again.
- Select "Appliance patch (GPU and ad hoc)" and enter the patch information in the "Filter fix details" field to locate the patch
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Prerequisites
Guardium Data Protection patch 12.0p20
Installation
Notes:
- This patch is a designated security patch.
- This patch restarts the Guardium system.
- Do not reboot the appliance while the patch install is in progress. Contact Guardium support if there is an issue with patch installation.
Overview:
- Download the patch and extract the compressed package outside the Guardium system.
- Review the latest version of the patch release notes just before you install the patch.
- Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
- Apply the latest health check patch.
- Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.
For information about installing Guardium Data protection patches, see How to install patches in the Guardium documentation.
Security fixes
This patch contains the following security fixes:
| Issue key | Summary | CVEs |
|---|---|---|
| GRD-76934 | SE - Pen Testing On Prem - October 2023 - Components have known vulnerabilities with proof of concept exploits - platform | -- |
| GRD-82532 | PSIRT: PVR0509682 - IBM SDK, Java Technology Edition Quarterly Critical Patch Update (CPU) - April 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 | CVE-2023-38264 |
| GRD-82618 | PSIRT: PVR0486479, PVR0483335 - OpenSSL (publicly disclosed vulnerability) |
CVE-2023-6129
CVE-2024-0727
|
| GRD-82996 | PSIRT: PVR0510300 - bcprov-jdk15on-1.56.jar (publicly disclosed vulnerability found by Mend) - webapps, gimserver | -- |
| GRD-83492 | PSIRT: PVR0506186, PVR0510604, PVR0510640, PVR0510586, PVR0510622 - [All] GNU glibc - CVE-2024-2961, CVE-2024-33599 (publicly disclosed vulnerability) |
CVE-2024-2961
CVE-2024-33599
CVE-2024-33600
CVE-2024-33602
CVE-2024-33601
|
| GRD-83567 | PVR0497727, PVR0497754: [All] Apache Tomcat (core only) update in version 12 |
CVE-2024-23672
CVE-2024-24549
|
| GRD-84093 | PSIRT: PVR0412772 - Grub2 upgrade needed | CVE-2022-2601 |
| GRD-84339 | PSIRT: PVR0461564 - [All] Python (publicly disclosed vulnerability) | CVE-2023-40217 |
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
28 August 2024
UID
ibm17166229